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Question: 1 


Which two user privileges does ASDM allow engineer to create? (Choose two) 


A. Full access 
B. admin 

C. read-write 
D. read-only 
E. write-only 


Answer: CE 


Question: 2 


Refer to the exhibit. 


Switch (config-if)# switchport mode access 
Switch (config-if)# switchport port-security 


Switch (config-if)# switchport port-security 
mac-address sticky 


Which two are true statements about the expected port security behavior? (Choose two.) 


A. If a violation occurs, the swith port waits one minute to recover by default. 

B. Only one MAC address can be learnded by default on the switch port. 

C. Up to five MAC addresses can be learned by default on the switch port. 

D. If a violation occurs, the switch port remains active, but the traffic is dropped. 
E. If a violation occurs, the swithc port shuts down. 


Answer: BE 


Reference: 
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide 
conf/port_sec.pdf 
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Question: 3 


An engineer is applying best practices to stop STP unauthorized changes from the uses port. Which 
two actions help accomplish this task? (Choose two) 


A. Enable STP Guard 
B. Configure RSTP 

C. Disable STP 

D. Enable BPDU Guard 
E. Enable Root Guard 


Answer: DE 


Question: 4 


When you enable IP source Guard on private VLAN ports, which additional action must you take for 
IP Source Guard to be effective? 


A. Enable DHCP snooping on the isolated VLAN 
B. Enable BPDU guard on the isolated VLAN. 
C. Enable BPDU guard on the primary VLAN. 
D. Enable DHCP snooping on the primary VLAN. 


Answer: D 


Question: 5 


DRAG DROP 

An engineer must create an SSHv2 configuration for a remote user with a key size of 2048 on the 
inside network of 192.168.0.0/19 with a fully qualified domain name. Drag and drop the Cisco ASA 
commands on the left onto the matching function on the right. 
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Question: 6 


Refer to the exhibit. 
C2911A> enable view 


C2911 A# configure terminal 
C2911 A(config)# parser view ccnp] 


C2911A(config-view)#commands exec include show ip bgp summary 


% Password not set for view ccnpl 


An engineer is configuring IOS role based CLI access and is getting an error upon entering the 
commands exec include show ip bgp summary parser view command. 
Based on the console message received, which command would fix this error? 


A. enable secret <password> 


B. username <user> secret <password> 
C. password <password> 
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D. secret 5 <encrypted password> 


Answer: D 


Question: 7 


After a session has been secured with MACsec, which two types of traffic can be sent and received 
unencrypted? 


A. EAPOL-Start 

B. DHCP offer 

C. Cisco Discovery Protocol 
D. DHCP discover 

E. EAPOL-Logoff 


Answer: AC 


Question: 8 


Which two main functions for application inspection on ASA are true? 


A. When services use dynamically assigned ports, the application inspection identifies dynamic port 
and permits data on these ports. 

B. When services embed IP addresses in the packet, the application inspection translates embedded 
addresses and updates the checksum. 

C. When services are operating on nonstandard ports, the application inspection identifies the 
nonstandard port and allows the service to run normally. 

D. When services need IP options to function, the application inspection keeps IP options during the 
packet transition through the appliance. 

E. When services use load balancing, the application inspection ensures that connections are load 
blanaced across the servers equally. 


Answer: AB 


Question: 9 


An engineer suspects that client workstations are experiencing extremely poor response time due to 
a man in middle attack. Which feature must be enabled and configured to provide relief from this 
type of attack? 


A. Internet Key Exchange 


B. Link Aggregation 
C. Reverse ARP 


https://www.certkillers.net 


Questions & Answers PDF Page 7 


D. Dynamic ARP Inspection 
E. private VLANs 


Answer: D 


Question: 10 


Refer to the exhibit. 


A. to discard http traffic destined to a proxy server 

B. to define allowed traffic when the URL filtering server is unavailable 

C. to perform deep packet inspection on all http traffic crossing the Cisco ASA 
D. to send http traffic to a defined URL filtering server 


Answer: D 
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